CVE-2024-55945 Cross-Site Request Forgery in DB Check Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
GHSA-7R5Q-4QGX-V545 TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery
Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
GHSA-WW7H-G2QF-7XV6 TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery
Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
GHSA-QWX7-39PW-2MHR TYPO3 Cross-Site Request Forgery in Dashboard Module
Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
Mozilla: Denial of Access to Static Resources via Cache Poisoning on addons.allizom.org
A cache poisoning vulnerability was identified on addons.allizom.org that allowed an attacker to block access to static resources such as images and JavaScript files. The issue was exploited by processing the X-HTTP-Method-Override header, which was honored by the origin server and treated the...
CVE-2024-11494
UNSUPPORTED WHEN ASSIGNED The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method...
CVE-2024-11494
CVE-2024-11494 affects Zyxel P-6101C ADSL modem, specifically firmware version P-6101CSA6AP_20140331. The vulnerability is described as improper authentication that could allow an unauthenticated attacker to read certain device information via a crafted HTTP HEAD request. The CVSS 3.1 vector is N...
Ruby On Rails JSON Processor YAML Deserialization Scanner
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'Ruby on Rails JSON Processor YAML Deserialization Scanner'. Description: This module attempts to identify Ruby on Rails instances vulnerabl...
CBL Mariner 2.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)
The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...
CVE-2024-5676 Paradox IP150 Internet Module Cross-Site Request Forgery
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system...
CVE-2024-5676
CVE-2024-5676 affects the Paradox IP150 Internet Module, version 1.40.00. The issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by a lack of countermeasures and the use of HTTP GET to introduce changes in the system. No exploitation details are provided in the supplied documents. ...
Fedora 40 : caddy (2024-19d093c14d)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-19d093c14d advisory. Automatic update for caddy-2.7.6-1.fc40. Changelog Fri Feb 9 2024 Carl George - 2.7.6-1 - Update to version 2.7.6 rhbz2253698 - Includes fix for CVE-2023-451...
BIT-HAPROXY-2021-39241
An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...
CentOS 9 : haproxy-2.4.7-1.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the haproxy-2.4.7-1.el9 build changelog. - An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and pat...
IBM PowerSC Explains Conflict Vulnerabilities
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an interpretation conflict vulnerability that stems from not using a secure HTTP method, which could be exploited by an attacker to perform unauthorized...
Fedora 39 : caddy (2024-22b915e51a)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-22b915e51a advisory. Update to the latest upstream version, which includes a fix for CVE-2023-45142. https://github.com/caddyserver/caddy/releases/tag/v2.7.6 Tenable has extracte...
Request Smuggling
aiohttp is vulnerable to Request Smuggling. The vulnerability exists due to improper HTTP method validation in this library, which allows attackers to modify HTTP requests...